PoojaKeshri-6722 asked SathyamoorthyVijayakumar-MSFT edited

How to authenticate HTTP action calling D365 OData API (AAD authenticated) using user managed identity in Logic App

Hi,

I have a D365 F&O OData API calling the Azure AD login URL with client ID, secret and audience to authenticate.

I have to call this OData API from a Logic App. I am using the HTTP action, where I have the flexibility to use Managed Identity as the authentication type.

How can I authenticate the HTTP action using a user managed identity?

I have followed the steps below:

  1. Created a user managed identity (user-mi-dev).

  2. Added user-mi-dev to the Logic App resource (logicapp-demo-dev).

  3. I have added an Application app role in the registered application (Logic-app-dev-integration). D365 OData is using the client ID and secret of this application (Logic-app-dev-integration) for authentication purposes.

  4. I have added the app role in API permissions and granted admin consent.

  5. I have selected Managed Identity as the authentication type in the HTTP action.

But it is not working. Now I am not sure what further should be done to authorize the HTTP action for calling the Azure AD D365 OData API from the Logic App.

There is some configuration that I am missing, but I am not sure what more needs to be done on the Azure AD application side.

Could you please let me know what configuration is missing on the Azure AD side?

Hi @poojakeshri-6722,

Thanks for using Microsoft Q&A!
Could you please provide more details, like what errors you are getting?

Thanks
Saurabh


I received the error below:

    "body": {
        "Message": "Please verify that the user is valid and set up correctly."
    }

It is a Forbidden error, and this is the error message I am receiving. I have limited knowledge of the D365 part, but on further analysis I found out that they have associated the client ID with a System admin user. Hence, when I pass the authentication as MSI, it throws this error.

HTTP input to D365 from the Logic App:

    "authentication": {
        "audience": "https://Sampleurl",
        "identity": "/subscriptions/{subscriptionId}/resourcegroups/{resourcegrpname}/providers/microsoft.managedidentity/userassignedidentities/{managedidentityname}",
        "type": "ManagedServiceIdentity"
    }



Continuation of the above comment:

And when OAuth 2 is selected for authentication, the input is:

    "authentication": {
        "tenant": "{tenantID}",
        "audience": "Https://sampleurl",
        "clientId": "{clientid}",
        "secret": "sanitized",
        "type": "ActiveDirectoryOAuth"
    }

This is working fine. So is it even possible?


@poojakeshri-6722 Can you please provide the D365 endpoint you are trying to hit? Also, can you please clarify what you mean by associating the client ID with a system admin user? How are you doing this?

Thanks
Saurabh


0 Answers